Re: RFC 1918

From: Bennett Todd

Date: Fri Jul 14 16:07:08 2000

2000-07-14-15:39:00 Gary E. Miller:
> Yo Bennett!
Hi!
> Sounds like circular reasoning:
Circular reasoning is certainly easy to create, thanks for this nice
specimen.
> Path MTU discovery is broken because people use RFC1918 addresses
> in routers.
That's not my claim. Path MTU discovery is rarely needed. That's an
observation in practice, not a claim about how things are supposed
to be or anything.
In those rare occasions when it's needed, it often works. But when
people have a setup that leaves them with a path that bottlenecks
in the middle to less than normal ethernet MTU, and thus would
frag for many or most connections, they do tend to find a few sites
that they cannot visit, because the sites have servers with Path MTU
discovery left enabled behind firewalls (or load balancers, or other
gizmos) that break it by not correctly forwarding the ICMP Must Frag
error packets back.
> Since Path MTU discovery is broken then there is no need to follow
> RFC1918.
Well, that's not my claim either, I don't know where you come up
with this argument, should we put your name on it?
I claim rather that most routers _never_ have an operational need
to talk directly to random strangers, i.e. to have their interface
addresses leak. So sure, honor RFC 1918 strictly and utterly and to
the letter: put egress filters for the addrs that would guarantee
that anyone who tried to traceroute through you would see timeouts
as the replies were blocked. If that makes whingers happier, groove
on it. If your router doesn't have any different-MTU interfaces that
it routes between, then there's no harm in using RFC 1918 addresses
on the endpoints of inter-router links.
-Bennett
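
An added example, not part of the original message: a small Python model of the case discussed above, where an egress filter drops packets sourced from RFC 1918 space and a router with an RFC 1918 interface address has to report an ICMP error. The paths, addresses, MTU values and function names are constructed for illustration.

```python
import ipaddress

# The three private blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def egress_permits(src):
    """Border egress filter: drop any packet sourced from RFC 1918 space."""
    ip = ipaddress.ip_address(src)
    return not any(ip in net for net in RFC1918)

def send(path, length, ttl=64, df=True):
    """Walk one packet along path.

    Returns (event, reporting_addr, sender_sees_it). A router that cannot
    forward sources an ICMP error from its own interface address, and that
    error reaches the sender only if the egress filter lets it out.
    """
    for hop in path:
        if ttl <= 1:
            event = "time-exceeded"        # ICMP type 11: what traceroute needs
        elif df and length > hop["out_mtu"]:
            event = "frag-needed"          # ICMP type 3 code 4: what PMTUD needs
        else:
            ttl -= 1
            continue
        return (event, hop["addr"], egress_permits(hop["addr"]))
    return ("delivered", None, True)

# Constructed sample paths (documentation and private addresses, not real hosts).
SAME_MTU = [{"addr": "192.0.2.1", "out_mtu": 1500},
            {"addr": "10.1.1.1", "out_mtu": 1500},
            {"addr": "198.51.100.1", "out_mtu": 1500}]
# Same path, but the RFC 1918-addressed router now routes onto a 1476-byte link.
MIXED_MTU = [dict(h, out_mtu=1476) if h["addr"] == "10.1.1.1" else h
             for h in SAME_MTU]

if __name__ == "__main__":
    print(send(SAME_MTU, 1500))          # full-size DF packet, equal MTUs
    print(send(SAME_MTU, 1500, ttl=2))   # traceroute probe expiring at hop 2
    print(send(MIXED_MTU, 1500))         # full-size DF packet, smaller MTU ahead
```

With equal MTUs the only visible effect is the traceroute timeout at the private hop; with a smaller MTU behind that hop, the Must Frag error is filtered and the sender never learns to shrink its packets.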